CVE-2025-0447

HighPublic PoC

Published: 15 January 2025

Published

15 January 2025

Modified

21 April 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0063 70.5th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

Security Summary

CVE-2025-0447 involves an inappropriate implementation in the Navigation component of Google Chrome prior to version 132.0.6834.83. This flaw allows a remote attacker to achieve privilege escalation via a crafted HTML page. The vulnerability is associated with CWE-79 and carries a Chromium security severity rating of Low, with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A remote attacker without privileges can exploit the issue by luring a user to interact with a malicious site hosting the crafted HTML page, requiring user interaction such as clicking or navigating. Successful exploitation enables privilege escalation, resulting in high impacts to confidentiality, integrity, and availability.

Google addressed the vulnerability in the stable channel update for desktop Chrome 132.0.6834.83, as announced at https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html. Further technical details are available in the Chromium issue tracker at https://issues.chromium.org/issues/375550814.

Details

CWE(s): CWE-79

Affected Products

google

chrome

≤ 132.0.6834.83

References

https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html
Release Notes · chrome-cve-admin@google.com
https://issues.chromium.org/issues/375550814
Exploit, Issue Tracking · chrome-cve-admin@google.com